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DETAILED ACTION 
Claim Rejections - 35 USC § 112 

1. The following is a quotation of the first paragraph of 35 U.S.C. 112: 

The specification shall contain a written description of the invention, and of the manner and process of 
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the 
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall 
set forth the best mode contemplated by the inventor of carrying out his invention. 

Claims 5, 6 and 16 are rejected under 35 U.S.C. 112, first paragraph, as failing to 
comply with the enablement requirement. The claim(s) contains subject matter which 
was not described in the specification in such a way as to enable one skilled in the art to 
which it pertains, or with which it is most nearly connected, to make and/or use the 
invention. 

Claim 5 recites "the VPN processor is configured to send a response message to 
the second private network if the tunnel setup request message comprising a network 
address of the second private network and a second network address to be used in the 
VPN tunnel as a network address of the second private network is received, the 
response message comprising a network address of the first private network, the 
second network address, and a third network address to be used in the VPN 
tunnel as a network address of the second private network. 

The recited limitation," the response message comprising a network address 
of the first private network, the second network address, and a third network 
address to be used in the VPN tunnel as a network address of the second private 
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network 1 , conflicts with descriptions in paragraphs [0078], [0079], [0092] and [0093] of 
the specification or is not described in the specification in such a way as to enable one 
skilled in the art to which it pertains, or with which it is most nearly connected, to make 
and/or use the invention. 

Claims 6 and 16 recites the limitation "The gateway as claimed in claim 2, 
wherein the web server comprises a middleware server 3 '. There is no description or 
supporting evidence found in the specification that the web server comprises a 
middleware server. 

Claim Rejections - 35 USC §112 

2. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claim 4 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite 
for failing to particularly point out and distinctly claim the subject matter which applicant 
regards as the invention. 

Claim 4 recites "The gateway as claimed in claim 3, wherein the tunnel setup 
request message comprises a network address of the second private network and a 
second network address to be used for the network address of the second private 
network in the VPN tunnef. It is unclear which one of two tunnel setup request 
messages (recited in claim 3) claim 4 refers to. 
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Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 1 is rejected under 35 U.S.C. 103(a) as being unpatentable over US 
Patent No. 6,226.751 to Arrow et al. ("Arrow") in view of US Patent No. 7,209,479 to 
Larson. 

Regarding claim 1 , Arrow teaches a gateway [Fig. 1; VPN Unit/Router] 

comprising: 

at least one public network interface connected to a public network [Figs. 1 & 7; 
VPN Unit 115/Public Interface 717 to Public Network 100]; 

at least one private network interface connected to a private network [Figs. 1 & 
7; VPN Unit 115/Private Interface 719 to LAN 110]; and 

a control unit [Fig. 7; Operating System 116] linked to the public network 
interface and the private network interface, wherein the control unit is configured to set 
up a virtual private network (VPN) tunnel [Fig. 8; VPN setup and creation; col 11, 
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lines 1-49] by communicating with a gateway [Figs. 1 & 7; VPN Unit 125] of a second 
private network [Fig. 1; LAN 120] connected to the public network, and 

wherein the control unit is configured to create a new network address table in 
order for the first and said second private networks to use different network addresses 
in the VPN tunnel [Fig. 7, Address Translation Unit 731; col. 10, lines 31-42; Fig. 8, 
step 816, col. 11, lines 37-48], and translate addresses based on the new network 
address table and forward data packets transmitted from the host connected to the first 
private network [Fig. 7, Address Translation Unit 731 & Routing Module 722; col. 
10, lines 3-7, 31-42] or from the second private network, if the first and second private 
networks have the same network address [Fig. 7, Address Translation Unit 731; col. 
10, lines 31-42; Fig. 8, step 816, col. 11, lines 37-48] or a network address of one of 
the first and second private networks is included in a network address of the first and 
second private networks. 

Arrow does not expressly teach a tunnel setup request is received from a host 
connected to a first private network to set up a tunnel to the second private network. 

Larson teaches a tunnel setup request is received from a host connected to a 
first private network to set up a tunnel to the second private network [Abstract & Fig. 4; 
a virtual private network is created by sending a request from a first VPN device 
to a second VPN device for establishing a VPN between the first and second 
devices; Col. 8, lines 45-63]. 
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It would have been obvious to a person of ordinary skill in the art at the time of 
the invention was made to modify Arrow's centralized management approach in view of 
Larson's distributed management alternative since both inventions are related to VPN 
gateway devices. 

The motivation for modifying Arrow's VPN unit or gateway device is to enable a 
local system administrator to initiate a VPN tunnel setup from a remote location, as 
opposed to the completely centralized management approach, and improve the overall 
flexibility of VPN network configurations and operations. 

Claim Rejections - 35 USC § 103 

4. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claims 2, 3, 6-8, 11-14 and 16 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over US Patent No. 6,226751 to Arrow et al. ("Arrow") in view of US 
Patent No. 7,209,479 to Larson and further in view of US Patent Application Pub. No. 
2003/0028650 A1 by Chen et al. (hereinafter "Chen"). 
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Regarding claims 2 and 7, Arrow, in view of Larson, teaches the control unit 
comprises: 

a graphical user interface to provide a tunnel setup request page in order for the 
host connected to the first private network to initiate the tunnel setup request [Larson: 
Fig. 5; GUI Interface 500 for administering VPNs; col. 10, lines 20-39]; 

a processor configured to obtain an Internet Protocol (IP) address of the gateway 
of the second private network from a Domain Name Server (DNS) connected to said 
public network with respect to the tunnel setup request by the host connected to the first 
private network [Larson: Fig. 6, steps 601-603; a central certificate repository 602 
or DNS; col. 10, line 64 - col. 11, line 15]; 

a Home-to-Home Tunneling Initiation Protocol (HTIP) processor configured to 
transmit and receive a tunnel setup request message in accordance with the tunnel 
setup request being transmitted through the public network interface or the private 
network interface, the tunnel setup request message containing a parameter necessary 
for the setup of tunnel between the first and second private networks [Larson: 
Abstract; Fig. 3, Block 301, The request contains VPN parameter information, 
such as identity, host name, etc.; col. 6, lines 48-62; Fig. 6. A process flow of an 
exchange of parameters for setting up a VPN; col. 11, lines 24-62]; 

a VPN processor configured to operate as a server or a client according to the 
tunnel setup request transferred through the public network interface or the private 
network interface, and create a tunnel to said second private network [Arrow: Fig. 7, 
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VPN Processor 718; col. 9, line 41- col. 10, line 25; Larson: Fig. 4, VPN Processor 
401; col. 8, lines 45-63], and 

a Network Address Table (NAT)/Network Address Port Table (NAPT) processor 
configured to translate a private IP address into an IP address or translating an IP 
address into a private IP address by using a NAPT protocol with respect to data packets 
transmitted between said public network and said private network, and translate private 
IP addresses in the VPN tunnel by using a NAT protocol if the VPN tunnel is set up 
between the first private network and the second private network [Arrow: Fig. 7, 
Address Translation Unit 731; col. 10, lines 31-42; Fig. 8, step 816, col. 11, lines 
37-48]. 

Arrow, in view of Larson, does not expressly teach the gateway comprising a 
web server or a private network Domain Name Server (DNS) processor to obtain an 
Internet Protocol (IP) address of the gateway of the second private network from a 
Domain Name Server (DNS) connected to said public network. 

Chen teaches a network interface unit for use intermediate a LAN and a public or 
private network for establishing secure links to a VPN gateway [Abstract & Fig. 4]. 
The network interface unit comprises a GUI Server 450 for providing web pages to user 
at the client terminal having appropriate browser software and display functions [Fig. 4, 
pars. 0060-0061] and a private DNS server 41 5 [Fig. 4, pars. 0067-0069] to obtain an 
Internet Protocol (IP) address of the gateway of the private network from a Domain 
Name Server (DNS) connected to said public network. 
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It would have been obvious to a person of ordinary skill in the art at the time of 
the invention was made to incorporate the private DNS server and the GUI server as 
taught by Chen into the combined invention of Arrow and Larson since they all are 
closely related to VPN gateway devices. 

The motivation for implementing the private DNS server and GUI server into the 
VPN device would be to provide web pages for use in setup and configuration of 
network clients and to constrain client access to only authorized destinations as 
specified in the private DNS server so that a further measure of security is assured. 

Regarding claims 3 and 8, Arrow, in view of Larson, teaches the VPN/HTIP 
processor is configured to send a tunnel setup request message to the gateway of the 
second private network if the tunnel setup request is transmitted from the host 
connected to the first private network [Larson: Figs. 4 & 6, step 604; The VPN device 
at CpmpanyA.com uses the address information for contacting CompanyB.com 
by generating and sending a VPN tunnel proposal message to CompanyB.com 
via the Internet; col. 11, lines 16-23], and send an acknowledgement (ACK) to the 
gateway of the second private network if a response to the tunnel setup request is 
received from the gateway of the second private network [Larson: Fig. 6, step 605; 
When all of steps, col. 11, lines 24-44, completed, the VPN device of 
CompanyB.com send a response/ACK to CompanyA.com. The VPN device of 
CompanyA.com receives the response/ACK and performs the similar process, i.e. 
sends a response/ACK to the VPN device ofCompanyB.com; col. 11, lines 56-62]. 
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Regarding claims 6 and 16, , Arrow, in view of Larson and further in view of 
Chen, teaches the gateway comprises a web server or a middleware functioning as a 
web server function [Chen: GUI Server 450]. 

Regarding claims 1 1 and 12, Arrow, in view of Larson, teaches the HTIP 
processor is configured to set the VPN processor as a VPN server, and send out a 
READY message, notifying the second private network that the setting of the VPN 
processor is completed to set up a VPN tunnel between the first private network and the 
second private network , if the ACK message is received from the second private 
network [Larson: Fig. 6, step 606; It would be obvious in Larson that a Ready or 
equivalent message is exchanged between two parities since both parties are 
satisfied with their respective verifications of the VPN parameters contained in 
the tunnel proposal messages for establishing a VPN tunnel; col. 11, line 63 to 
col. 12, Iine3] 

Regarding claim 13, Arrow, in view of Larson, teaches the HTIP processor is 
configured to analyze the tunnel setup request message or the response message from 
the second private network, and notify the second private network the tunnel request 
message [Larson: Fig. 6, steps 604-605; col. 11, lines 24-60]. 

Regarding claim 14, Arrow, in view of Larson, teaches the HTIP processor is 
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configured to newly set parameters and parameter values contained in the tunnel 
setup request message [Larson: Abstract; Fig. 3, Block 301, The request contains 
VPN parameter information, such as identity, host name, etc.; col. 6, lines 48-62; 
Fig. 6. A process flow of an exchange of parameters for setting up a VPN; col. 1 1 , 
lines 24-62]. 



Allowable Subject Matter 

5. Claims 9, 10 and 15 are objected to as being dependent upon a rejected base 
claim, but would be allowable if rewritten in independent form including all of the 
limitations of the base claim and any intervening claims. 

Conclusion 

6. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

• US Patent No. 6,079,020 to Liu discloses "Method And Apparatus For 
Managing A Virtual Private Network" 

. US Patent No. 6,126,664 to Yanagidate et al. disclose "Address-Translating 
Connection Device" 
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• US Patent No. 6,944,167 to McPherson discloses "Method And Apparatus 
For Dynamic Allocation Of Private Address Space Based Upon Domain 
Name Service Queries" 

7. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Albert T. Chou whose telephone number is 571-272- 
6045. The examiner can normally be reached on 8:30 - 17:00. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Chi H. Pham, can be reached on 571-272-3179. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 

Albert T. Chou /i 



July 20, 2007 





